
Wednesday, September 30, 2015

Here you can download the latest ATM malware, called GreenDispenser, and other ATM-related malware. I will keep updating it. If you have more samples and hashes, feel free to leave a comment. Thank you.

Wednesday, April 9, 2014

The recent OpenSSL bug called Heartbleed (CVE-2014-0160) has put millions of websites in trouble. The Heartbleed test developed by Filippo Valsorda has been released as open source. I just played around with Heartbleed a bit.

BTW, what is the Heartbleed bug? Heartbleed is a vulnerability in the OpenSSL cryptography library that allows any user to read system memory (only vulnerable versions are affected).
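Because the bug lives in specific upstream releases, the first thing a defender wants is a quick way to triage an inventory of `openssl version` strings. The script below is an added example and is not code from the post or from Filippo Valsorda's test tool; the affected-version ranges are the ones published for CVE-2014-0160, the host inventory is constructed, and the `triage_hosts` helper is my own.

```python
import re

# Upstream OpenSSL releases affected by CVE-2014-0160 (Heartbleed): 1.0.1 through
# 1.0.1f and 1.0.2-beta1. Fixed in 1.0.1g and 1.0.2-beta2. The 1.0.0 and 0.9.8
# branches never had the TLS heartbeat code, so they are not affected.
VERSION_RE = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?", re.IGNORECASE)


def heartbleed_status(version_line):
    """Classify one line of `openssl version` output by upstream version number.

    Returns 'vulnerable', 'fixed', 'not_affected' or 'unknown'. This is a triage
    signal only: distributions backport the fix without changing the letter
    (a patched 1.0.1e still prints 1.0.1e), and builds with OPENSSL_NO_HEARTBEATS
    are immune regardless of version, so confirm with the package changelog.
    """
    m = VERSION_RE.search(version_line)
    if not m:
        return "unknown"
    release = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    letter, beta = m.group(4).lower(), m.group(5)
    if release == (1, 0, 1):
        # 1.0.1 (no letter) up to 1.0.1f are vulnerable; 1.0.1g and later are fixed.
        return "vulnerable" if letter == "" or letter <= "f" else "fixed"
    if release == (1, 0, 2):
        if beta is not None:
            return "vulnerable" if int(beta) < 2 else "fixed"
        return "fixed"
    if release > (1, 0, 2):
        return "fixed"
    return "not_affected"


def triage_hosts(inventory):
    """Map {host: version_line} to {host: status} for a collected inventory (my helper)."""
    return {host: heartbleed_status(line) for host, line in inventory.items()}


# Constructed inventory, as it might be collected with `ssh host openssl version`.
SAMPLE_INVENTORY = {
    "web01": "OpenSSL 1.0.1e 11 Feb 2013",
    "web02": "OpenSSL 1.0.1g 7 Apr 2014",
    "lb01": "OpenSSL 1.0.0l 6 Jan 2014",
    "legacy": "OpenSSL 0.9.8y 5 Feb 2013",
    "test01": "OpenSSL 1.0.2-beta1 24 Feb 2014",
}

if __name__ == "__main__":
    for host, status in triage_hosts(SAMPLE_INVENTORY).items():
        print(host, status)
```

The version string is only the starting point: a host reported as vulnerable here should be checked against the vendor's package changelog, and the service must be restarted after patching for the fix to take effect.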

Thursday, March 13, 2014

As I got a sample of the Dendroid APK malware, I decided to do a quick analysis on it. Thanks to +Mila Parkour for the sample.

DB01F96D5E66D82F7EB61B85EB96EF6E
52A30B58257D338617A39643E2216D0C

The original sample is protected with DexGuard, which gives its code extra protection: the code appears obfuscated when decompiled.

The following permissions can be used once it has been installed:

directly call phone numbers
read phone status and identity
reroute outgoing calls
edit your text messages (SMS or MMS)
read your text messages (SMS or MMS)
receive text messages (SMS)
send SMS messages
take pictures and videos
record audio
precise location (GPS and network-based)
read call log
read your contacts
read your Web bookmarks and history
modify or delete the contents of your SD card
find accounts on the device
full network access
view network connections
retrieve running apps
prevent phone from sleeping
modify system settings
test access to protected storage

When we analyzed the Java classes, we found that it can also determine whether it is running on an emulator. Going through its Java classes, there is a lot of functionality that can completely spy on your phone.
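The permission list above is a useful triage signal on its own: no single entry is unusual, but SMS interception, audio capture, location, contacts and network access together describe a surveillance tool. The script below is an added example, not code from the post or from any analysis tool; the mapping of the human-readable permission labels to `android.permission.*` constants, the capability buckets and the verdict thresholds are my own, and both manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Capability buckets: my own grouping of the permissions listed in the post,
# mapped to their android.permission.* constants. Any one bucket is normal for
# some app; the spyware profile is hit when several collection buckets combine
# with network access.
CAPABILITIES = {
    "sms": {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS",
            "android.permission.SEND_SMS", "android.permission.WRITE_SMS"},
    "calls": {"android.permission.CALL_PHONE", "android.permission.PROCESS_OUTGOING_CALLS",
              "android.permission.READ_CALL_LOG"},
    "media": {"android.permission.RECORD_AUDIO", "android.permission.CAMERA"},
    "location": {"android.permission.ACCESS_FINE_LOCATION"},
    "identity": {"android.permission.READ_PHONE_STATE", "android.permission.READ_CONTACTS",
                 "android.permission.GET_ACCOUNTS",
                 "com.android.browser.permission.READ_HISTORY_BOOKMARKS"},
    "storage": {"android.permission.WRITE_EXTERNAL_STORAGE",
                "android.permission.READ_EXTERNAL_STORAGE"},
    "network": {"android.permission.INTERNET", "android.permission.ACCESS_NETWORK_STATE"},
    "control": {"android.permission.GET_TASKS", "android.permission.WAKE_LOCK",
                "android.permission.WRITE_SETTINGS"},
}
COLLECTION_BUCKETS = {"sms", "calls", "media", "location", "identity"}


def requested_permissions(manifest_xml):
    """Return the set of android:name values from <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for el in root.iter("uses-permission"):
        name = el.get("{%s}name" % ANDROID_NS)
        if name:
            names.add(name)
    return names


def capability_profile(perms):
    """Buckets touched by at least one requested permission."""
    return {bucket for bucket, needed in CAPABILITIES.items() if perms & needed}


def triage(manifest_xml):
    """Return (profile, verdict). The thresholds are my own triage rule, not a standard."""
    profile = capability_profile(requested_permissions(manifest_xml))
    collectors = profile & COLLECTION_BUCKETS
    if "network" in profile and len(collectors) >= 3:
        verdict = "spyware_profile"   # collects several data types and can phone home
    elif collectors:
        verdict = "review"            # some collection capability; read the code
    else:
        verdict = "low_interest"
    return profile, verdict


def manifest_with(perms, package="com.example.constructed"):
    """Build a constructed AndroidManifest.xml requesting the given permissions."""
    body = "".join('  <uses-permission android:name="%s"/>\n' % p for p in perms)
    return ('<manifest xmlns:android="%s" package="%s">\n%s</manifest>\n'
            % (ANDROID_NS, package, body))


# Constructed manifest mirroring the full permission list from the post.
DENDROID_LIKE = manifest_with(sorted(set().union(*CAPABILITIES.values())))
# Constructed manifest for an ordinary networked app, for contrast.
ORDINARY_APP = manifest_with(["android.permission.INTERNET",
                              "android.permission.ACCESS_NETWORK_STATE",
                              "android.permission.WAKE_LOCK"])

if __name__ == "__main__":
    for label, manifest in (("dendroid-like", DENDROID_LIKE), ("ordinary", ORDINARY_APP)):
        profile, verdict = triage(manifest)
        print(label, verdict, sorted(profile))
```

On a real sample the manifest is the binary XML inside the APK and has to be decoded first (apktool or aapt produce the text form); the verdict only says where to spend decompilation time, it is not a detection on its own, and a DexGuard-protected sample like this one still needs the Java classes read to confirm what the permissions are used for.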

Saturday, February 1, 2014

Recently I received a VBE file from a friend that looked suspicious because of its encoded content, with a request to do a quick analysis on it. So I managed to play around with it and see what's inside.

The file name I got is s64.vbe (0B826D9869B139B2C5BB139234C08D43), which is an encoded script file. The size of this file is around 608,904 bytes. The content of the encoded file is shown below:

If we scroll to the bottom of the file, we can see that this is some kind of Windows binary converted into ASCII format inside the VBS. svchost.exe is the file name used to save it to disk and run it.

The svchost.exe file (333ABC2F9864B70F7EF48B049CBA9286) is a program called ApacheBench, a command-line utility. In the first place, this program is used to measure the performance of HTTP web servers. However, the binary I got does not run correctly, as it is sometimes not responsive. It is possible to use this tool for DDoS attacks.
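The analysis step that identified the dropped binary, carving the ASCII-encoded executable out of the script so it can be hashed and looked up, can be done without ever running the script. The code below is an added example and not the post author's method; the post does not say which ASCII form the script uses, so this assumes two common ones, a chain of Chr() calls and a long hex-digit string literal, on a script that has already been decoded from the .vbe encoding to plain VBScript. The PE stub and the two script fragments are constructed so the example runs offline.

```python
import re
import struct

# Decoder 1: byte values spelled out as Chr(n) calls joined with "&".
CHR_RE = re.compile(r"Chr\(\s*(\d{1,3})\s*\)", re.IGNORECASE)
# Decoder 2: a quoted string of at least 64 hex byte pairs.
HEX_LITERAL_RE = re.compile(r'"((?:[0-9A-Fa-f]{2}){64,})"')


def bytes_from_chr_calls(script):
    """Collect every Chr(n) value in order; values above 255 are ChrW and skipped."""
    return bytes(int(n) for n in CHR_RE.findall(script) if int(n) < 256)


def bytes_from_hex_literals(script):
    """Concatenate all long hex string literals in the order they appear."""
    return b"".join(bytes.fromhex(h) for h in HEX_LITERAL_RE.findall(script))


def looks_like_pe(blob):
    """True if blob starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def carve_embedded_pe(script):
    """Try each decoder and return (method, blob) for the first PE that validates,
    or None. Scanning every 'MZ' offset copes with junk bytes before the payload."""
    for name, decoder in (("chr", bytes_from_chr_calls), ("hex", bytes_from_hex_literals)):
        blob = decoder(script)
        idx = blob.find(b"MZ")
        while idx != -1:
            if looks_like_pe(blob[idx:]):
                return name, blob[idx:]
            idx = blob.find(b"MZ", idx + 1)
    return None


def fake_pe_stub():
    """Constructed 68-byte stand-in for a dropped executable: MZ header,
    e_lfanew = 0x40, and a PE signature at 0x40. Not a runnable program."""
    stub = bytearray(0x44)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub[0x40:0x44] = b"PE\x00\x00"
    return bytes(stub)


# Constructed script fragments carrying the stub in each encoding.
CONSTRUCTED_VBS_CHR = "Dim s\ns = " + " & ".join("Chr(%d)" % b for b in fake_pe_stub()) + "\n"
CONSTRUCTED_VBS_HEX = 'Dim p\np = "' + fake_pe_stub().hex().upper() + '"\n'

if __name__ == "__main__":
    for label, script in (("chr", CONSTRUCTED_VBS_CHR), ("hex", CONSTRUCTED_VBS_HEX)):
        found = carve_embedded_pe(script)
        print(label, found[0] if found else None, len(found[1]) if found else 0)
```

Once carved, the blob is what gets hashed and compared with the MD5 in the post; the same carving also shows why the drop name matters for detection, since a file called svchost.exe that is not the one under the Windows system directory is itself a strong signal, independent of whether the payload turns out to be malware or, as here, a renamed legitimate tool.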